69a02feb78
Fixes the following security issues: - CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid SRTP packets When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36 - CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj - CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the auth-messages parameter to true, it is not the default setting. https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 - CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m - CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 Release notes: https://github.com/signalwire/freeswitch/releases/tag/v1.10.7 Removed patch, upstream applied a different fix: |
||
|---|---|---|
| arch | ||
| board | ||
| boot | ||
| configs | ||
| docs | ||
| fs | ||
| linux | ||
| package | ||
| support | ||
| system | ||
| toolchain | ||
| utils | ||
| .defconfig | ||
| .flake8 | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| CHANGES | ||
| Config.in | ||
| Config.in.legacy | ||
| COPYING | ||
| DEVELOPERS | ||
| Makefile | ||
| Makefile.legacy | ||
| README | ||
Buildroot is a simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation. The documentation can be found in docs/manual. You can generate a text document with 'make manual-text' and read output/docs/manual/manual.text. Online documentation can be found at http://buildroot.org/docs.html To build and use the buildroot stuff, do the following: 1) run 'make menuconfig' 2) select the target architecture and the packages you wish to compile 3) run 'make' 4) wait while it compiles 5) find the kernel, bootloader, root filesystem, etc. in output/images You do not need to be root to build or run buildroot. Have fun! Buildroot comes with a basic configuration for a number of boards. Run 'make list-defconfigs' to view the list of provided configurations. Please feed suggestions, bug reports, insults, and bribes back to the buildroot mailing list: buildroot@buildroot.org You can also find us on #buildroot on OFTC IRC. If you would like to contribute patches, please read https://buildroot.org/manual.html#submitting-patches